EBANX Security Vulnerability Reporting Policy

Thank you for your interest in notifying us about potential security issues in our products. We ask that you follow our responsible reporting process, so that we can reproduce and verify your report.

If you would like to bring security related problems to our attention, you can do so by contactingvulnerability@ebanx.com. We ask that you provide contact details so that we may ask for more information if necessary. Also it's important that you include your PGP public key in your report.

You can download our PGP key.

RESPONSIBLE DISCLOSURE GUIDELINES

Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)

Do all you can to avoid privacy violations, destruction of data and interruption or degradation of our services

Do not modify or access data that does not belong to you

Give us a reasonable amount of time to correct the issue before making any information public

We will attempt to respond to you within 1-2 business days. By following our responsible reporting guidelines, we commit to not taking legal action against you or seeking the involvement of law enforcement.